8346094: Harden X509CertImpl.getExtensionValue for NPE cases

Reviewed-by: coffeys, weijun
konanki sreenath 2025-02-19 16:47:54 +00:00 committed by Weijun Wang
parent efbad00c4d
commit 70a6c0b7ac
3 changed files with 220 additions and 57 deletions


@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -120,7 +120,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
*/
public X509CertImpl(X509CertInfo info, AlgorithmId algId, byte[] signature,
byte[] signedCert) {
this.info = info;
this.info = Objects.requireNonNull(info);
this.algId = algId;
this.signature = signature;
this.signedCert = Objects.requireNonNull(signedCert);
@ -553,7 +553,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
* before this function may be called.
*/
public String toString() {
if (info == null || algId == null || signature == null)
if (algId == null || signature == null)
return "";
HexDumpEncoder encoder = new HexDumpEncoder();
@ -570,8 +570,6 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
* @return the publickey.
*/
public PublicKey getPublicKey() {
if (info == null)
return null;
return info.getKey().getKey();
}
@ -581,8 +579,6 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
* @return the version number, i.e. 1, 2 or 3.
*/
public int getVersion() {
if (info == null)
return -1;
try {
int vers = info.getVersion().getVersion();
return vers + 1;
@ -609,8 +605,6 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
* @return the serial number.
*/
public SerialNumber getSerialNumberObject() {
if (info == null)
return null;
return info.getSerialNumber().getSerial();
}
@ -622,8 +616,6 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
*/
@SuppressWarnings("deprecation")
public Principal getSubjectDN() {
if (info == null)
return null;
return info.getSubject();
}
@ -633,9 +625,6 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
* also aware of X509CertImpl mutability.
*/
public X500Principal getSubjectX500Principal() {
if (info == null) {
return null;
}
try {
return info.getSubject().asX500Principal();
} catch (Exception e) {
@ -650,8 +639,6 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
*/
@SuppressWarnings("deprecation")
public Principal getIssuerDN() {
if (info == null)
return null;
return info.getIssuer();
}
@ -661,9 +648,6 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
* also aware of X509CertImpl mutability.
*/
public X500Principal getIssuerX500Principal() {
if (info == null) {
return null;
}
try {
return info.getIssuer().asX500Principal();
} catch (Exception e) {
@ -677,8 +661,6 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
* @return the start date of the validity period.
*/
public Date getNotBefore() {
if (info == null)
return null;
return info.getValidity().getNotBefore();
}
@ -688,8 +670,6 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
* @return the end date of the validity period.
*/
public Date getNotAfter() {
if (info == null)
return null;
return info.getValidity().getNotAfter();
}
@ -702,10 +682,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
* @exception CertificateEncodingException if an encoding error occurs.
*/
public byte[] getTBSCertificate() throws CertificateEncodingException {
if (info != null) {
return info.getEncodedInfo();
} else
throw new CertificateEncodingException("Uninitialized certificate");
return info.getEncodedInfo();
}
/**
@ -766,8 +743,6 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
* @return the Issuer Unique Identity.
*/
public boolean[] getIssuerUniqueID() {
if (info == null)
return null;
UniqueIdentity id = info.getIssuerUniqueId();
if (id == null)
return null;
@ -781,8 +756,6 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
* @return the Subject Unique Identity.
*/
public boolean[] getSubjectUniqueID() {
if (info == null)
return null;
UniqueIdentity id = info.getSubjectUniqueId();
if (id == null)
return null;
@ -935,8 +908,6 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
* not supported, otherwise return false.
*/
public boolean hasUnsupportedCriticalExtension() {
if (info == null)
return false;
CertificateExtensions exts = info.getExtensions();
if (exts == null)
return false;
@ -952,9 +923,6 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
* certificate that are marked critical.
*/
public Set<String> getCriticalExtensionOIDs() {
if (info == null) {
return null;
}
try {
CertificateExtensions exts = info.getExtensions();
if (exts == null) {
@ -981,9 +949,6 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
* certificate that are NOT marked critical.
*/
public Set<String> getNonCriticalExtensionOIDs() {
if (info == null) {
return null;
}
try {
CertificateExtensions exts = info.getExtensions();
if (exts == null) {
@ -1010,9 +975,6 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
* extension
*/
public Extension getExtension(ObjectIdentifier oid) {
if (info == null) {
return null;
}
CertificateExtensions extensions = info.getExtensions();
if (extensions != null) {
Extension ex = extensions.getExtension(oid.toString());
@ -1031,9 +993,6 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
}
public Extension getUnparseableExtension(ObjectIdentifier oid) {
if (info == null) {
return null;
}
CertificateExtensions extensions = info.getExtensions();
if (extensions == null) {
return null;
@ -1047,6 +1006,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
* oid String.
*
* @param oid the Object Identifier value for the extension.
* @return the DER-encoded extension value, or {@code null} if
* the extensions are not present or the value is not found
*/
public byte[] getExtensionValue(String oid) {
try {
@ -1054,13 +1015,11 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
String extAlias = OIDMap.getName(findOID);
Extension certExt = null;
CertificateExtensions exts = info.getExtensions();
if (exts == null) {
return null;
}
if (extAlias == null) { // may be unknown
// get the extensions, search through' for this oid
if (exts == null) {
return null;
}
for (Extension ex : exts.getAllExtensions()) {
ObjectIdentifier inCertOID = ex.getExtensionId();
if (inCertOID.equals(findOID)) {
@ -1069,12 +1028,10 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
}
}
} else { // there's subclass that can handle this extension
certExt = getInfo().getExtensions().getExtension(extAlias);
certExt = exts.getExtension(extAlias);
}
if (certExt == null) {
if (exts != null) {
certExt = exts.getUnparseableExtensions().get(oid);
}
certExt = exts.getUnparseableExtensions().get(oid);
if (certExt == null) {
return null;
}
@ -1098,8 +1055,12 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
*/
public boolean[] getKeyUsage() {
try {
CertificateExtensions extensions = info.getExtensions();
if (extensions == null) {
return null;
}
KeyUsageExtension certExt = (KeyUsageExtension)
getInfo().getExtensions().getExtension(KeyUsageExtension.NAME);
extensions.getExtension(KeyUsageExtension.NAME);
if (certExt == null)
return null;